More than one-third (36%) of global organisations still lack confidence in their ability to detect sophisticated cyber-attacks, according to EY’s annual Global Information Security Survey 2015, “Creating trust in the digital world”.
The survey of 1 755 organisations from 67 countries examines some of the most important cybersecurity issues facing businesses today and finds that 88% do not believe their information security structure fully meets their organisation’s needs. When it comes to IT security budgets, 69% say that their budgets should be increased by up to 50% to align their organisation’s need for protection with its management’s tolerance for risk.
Globally, the most likely sources of cyber-attacks, criminal syndicates (59%), employees (56%) and hacktivists (54%), retained their top rankings, with state-sponsored attackers (35%) in sixth place. In South Africa, the most likely sources of cyber-attacks are criminal syndicates (77%), employees (71%) and hacktivists (50%).
Ken Allan, global cybersecurity leader at EY, says: “Organisations are embracing the digital world with enthusiasm, but there must be a corresponding uptick in addressing the increasingly sophisticated cyber threats. Businesses should not overlook or underestimate the potential risks of cyber breaches. Instead, they should develop a laser-like focus on cybersecurity and make the required investments. The only way to make the digital world fully operational and sustainable is to enable organisations to protect themselves and their clients and to create trust in their brand.”
The survey also finds that organisations are falling short in thwarting a cyber-attack:
* 54% globally say they lack a dedicated function that focuses on emerging technology and its impact, while in South Africa the figure stands at 47%.
* 47% do not have a security operations centre; in South Africa the figure is much higher, at 62%.
* 36% do not have a threat intelligence programme, which is reflective of the South African environment as well.
More than half (57%) said that the contribution and value that the information security function provides to their organisation is compromised by the lack of skilled talent available.
Raghuvansh Swami, Africa cybersecurity leader at EY, says: “Cybersecurity is inherently a defensive capability; however, organisations should not wait to become victims. Instead, they should take an ‘active defense’ stance, with advanced security practices that identify potential attackers, analyse, assess and neutralise threats before damage can occur. It appears that South Africa is lagging behind in a number of security defence capabilities. We need to catch up and catch up faster to avoid becoming victims.”